Read the full article here: [http://www.myce.com/news/ebay-ireland-intermittently-shows-a-redirecting-doubleclick-ad-77241/](http://www.myce.com/news/ebay-ireland-intermittently-shows-a-redirecting-doubleclick-ad-77241/)
Please note that the reactions from the complete site will be synched below.

As it appears that Doubleclick is being tricked into loading third party content into an iframe, this trick could potentially be used by rogue advertisers to load malware-infected webpages in the iframe.

This is why I use a PC hosts edit; it will block that site domain and kill it from loading regardless of which browser I use to go to eBay.

Although Internet Explorer does not appear to be affected by the redirections, I did come across the JavaScript that fetched the runcdns domain within the same vacation bargain ad:

There is plenty of strange code here that appears to insert new HTML elements as well as fetching content from various domains. In the lower half of the code, there are three iframes nested within another iframe, not to mention that all this code is in turn contained within the Doubleclick ad iframe.

I tried a fair number of searches on both ebay.co.uk and ebay.com in Firefox, but not once did I see that vacation bargains ad, yet with just one search on ebay.ie that suspicious ad banner appeared. So it’s probably only targeted at the Irish eBay website.

Just to update - This redirection occurred when I tried Internet Explorer 11 a moment ago, so it’s not just Firefox specific as I initially thought. I also briefly saw that suspicious vacation bargains ad at the upper right just before I got redirected.

[QUOTE=cholla;2759941]The Irish eBay website is the one I tried.[/QUOTE]

This probably means your host file is working fine. It’s also quite possible that the suspicious ad is not shown to users outside of Ireland even if they visit the Irish website. For example, I see ad banners about Eircom, Sky Ireland, etc. that I’m sure are not shown to visitors outside of Ireland even if they visit the Irish eBay website.

One more interesting thing I found - When I hover my mouse over the suspect ad (with the nested iframes), it nearly always points directly at the target URL, i.e. I’m fairly sure if I click it, Doubleclick (and in turn eBay) does not earn anything as it appears that this click will not be recorded:

For comparison, this is what the target URL looks like for another ad in the same location (after going to the next page of eBay results) and it’s clear that Google Ad services is going to know if this one is clicked:

As far as I can tell, that suspicious ad is gone now. I tried a good handful of searches on ebay.ie in Firefox and didn’t get redirected this evening on my home PC, which was last used on eBay yesterday.

[QUOTE=Seán;2760036]I ran that through JavaScript beautifier, which does a pretty nice job of breaking it up into semi-readable code.

As far as I can tell, that suspicious ad is gone now. I tried a good handful of searches on ebay.ie in Firefox and didn’t get redirected this evening on my home PC, which was last used on eBay yesterday.[/QUOTE]
Probably because of the complaints they got, they thought it would be better to remove it before someone sends a legal action against them.

I received confirmation from Rubicon Project that they pulled the culprit ad.

**Edit:** I had one more appearance of that suspect ad on eBay (vertical Vacation Bargains banner at upper right), which indeed redirected me. However, as I did not clear my browser’s cache on my home PC since before Lee contacted me, it’s quite possible eBay showed a cached ad, so for anyone who still gets this redirection, be sure to clear the browser’s cache, which I’ve now done.

Just in case it does make a reappearance, I’ll aim to have Fiddler running in the background each time I use eBay over the coming days.